SAML SSO to Amazon AWS from SSOCircle

English on September 19th, 2017 No Comments

Many people have asked about doing SSO to Amazon AWS from SSOCircle. Since the SSOCircle Public IDP has a common Circle of Trust, the Service Provider EntityIDs are shared and must be unique. AWS provides a single SAML Service Provider Metadata file at https://signin.aws.amazon.com/static/saml-metadata.xml for all AWS customers. As the AWS SP is already imported into […]

Next Generation Identity and Access Management

English on April 6th, 2017 No Comments

SSOCircle recently introduced a graph-based identity management system with user-manageable access permissions and an entitlement API. Enter ReBAC (Relationship Based Access Control). Add ReBAC to ABAC (Attribute Based Access Control) and RBAC (Role Based Access Control) and get StarBAC. ReBAC can be described by the explicit tracking of relationships between identities themselves and […]

Configuration and Metadata Certificate Changes

English on August 7th, 2016 No Comments

Applies to the Public IDP. Not to our IDPee offerings. Update: Public IDP Metadata will be replaced during a maintenance window at the weekend of 13/14th August 2016. We do not expect downtime but there may be some changes needed at your service provider. SSOCircle Root CA certificate used for client certificate authentication will also […]

Enable Key Generation in Chrome

English on June 6th, 2016 No Comments

The following article refers to the process of generating client certificates at the SSOCircle Public IDP. In the PKI functionality of SSOCircle IDP we allow the automatic generation of keys and the enrollment of X.509 certificates. Client certificates are used for strong authentication. These certificates are not related to the certificates used with SAML single […]

Microsoft Office365 SAML Vulnerability: Authentication Bypass

English on April 30th, 2016 No Comments

The vulnerability in the Microsoft Office 365 SAML implementation, published last week, dramatically underlines how important it is to handle account federations with due diligence. Given that such a drastic authentication bypass can happen, not only at a small SaaS and cloud player, but at a provider of the size and importance of […]

Test your SAML Service Provider from the Command Line

English on March 14th, 2016 No Comments

cURL and wget – these tools tend to be of great value when a developer starts programming against a new API. With OAuth, you need to get an access token from one API and query another API for the actual data. Seeing the requests at the command line helps in understanding the protocols and errors that […]

New Premium Feature: Debugging IDP Integration

English on February 29th, 2016 No Comments

SAML integration is easy? If you start to get your hands dirty and undertake the first steps in implementing the standard, you will most likely get an error when running your initial tests. You might simply have forgotten to import your service provider metadata into the SSOCircle of Trust or have something wrong with the […]

Banks ignore crypto checks in credit card transactions. Standards are not enough!

English on January 23rd, 2016 No Comments

The newspapers “Zeit” and “c’t” revealed that credit cards with new chip-and-pin based security (EMV) can be cloned and used for payments. At first glance this is very surprising, as EMV credit cards are smartcards with cryptographic measures, which allow a bank to recognize modifications to cards or transaction data. These cards are per se more […]

Session Timeout – another useless Security Brainchild?

English on January 7th, 2016 No Comments

A synonym for “timeout” is “break” or “pause”. Sounds like a good thing – in principle. When it comes to “session timeout”, perception might be different. What exactly do we mean by “session timeout”? At OWASP you might find explanations similar to: Session timeout defines an action window which represents the time span in which […]

Termination of Google Apps SSOCircle Accounts

English on March 10th, 2015 No Comments

Google Apps integration into the SSOCircle of Trust was started in 2007 and was one of the first active Google SAML integrations at that time. Our intention was to showcase a working demo for SAML single sign on. We have now received an email from Google which states that the Google Apps ISP Partner […]